Update dependency commons-codec:commons-codec to v1.18.0

.drone.yml

@@ -1,13 +1,77 @@
-kind: template
+kind: pipeline
-load: java-build-deploy.yaml
+type: docker
-data:
+name: build
-  arch: arm64
+platform:
   os: linux
-  build_branches:
+  arch: arm64
+
+trigger:
+  branch:
     - main
-  build_events:
+  event:
     - push
     - pull_request
-  sonar_project_key: HidekoBot
+
-  deploy_targets:
+steps:
+  # test if it compiles correctly
+  - name: build
+    image: maven:3-eclipse-temurin-21
+    commands:
+      - mvn verify --no-transfer-progress -DskipTests=true -Dmaven.javadoc.skip=true -B -V
+
+  # run unit tests
+  - name: test
+    image: maven:3-eclipse-temurin-21
+    commands:
+      - mvn test --no-transfer-progress -B -V
+
+  # check maven dependencies
+  - name: dependency-check
+    image: maven:3-eclipse-temurin-21
+    commands:
+      - mvn dependency-check:check --no-transfer-progress -B -V -DnvdApiKey=$NVD_API_KEY
+    environment:
+      NVD_API_KEY:
+        from_secret: nvd_api_key
+
+  # run code analysis
+  - name: code-analysis
+    image: maven:3-eclipse-temurin-21
+    commands:
+      - mvn sonar:sonar --no-transfer-progress -Dsonar.projectKey=$SONAR_PROJECT_KEY -Dsonar.host.url=$SONAR_INSTANCE_URL -Dsonar.token=$SONAR_LOGIN_KEY -B -V
+    environment:
+      SONAR_PROJECT_KEY:
+        from_secret: sonar_project_key
+      SONAR_INSTANCE_URL:
+        from_secret: sonar_instance_url
+      SONAR_LOGIN_KEY:
+        from_secret: sonar_login_key
+
+---
+
+kind: pipeline
+type: docker
+name: deploy
+platform:
+  os: linux
+  arch: arm64
+
+trigger:
+  event:
+    - promote
+  target:
     - production
+
+steps:
+  # skip all previous steps because they were already ran in the "build" phase; we don't need to re-analyze the code.
+
+  # upload to maven repository
+  - name: maven-deploy
+    image: maven:3-eclipse-temurin-21
+    commands:
+      - mvn deploy --no-transfer-progress -DskipTests=true -Dmaven.javadoc.skip=true -B -V -gs settings.xml -Dmaven.repo.username=$MAVEN_REPO_USERNAME -Dmaven.repo.password=$MAVEN_REPO_PASSWORD
+    environment:
+      MAVEN_REPO_USERNAME:
+        from_secret: maven_repo_username
+      MAVEN_REPO_PASSWORD:
+        from_secret: maven_repo_password

README.MD

@@ -1,9 +1,9 @@
 # HidekoBot    
-[![Reliability Rating](https://sonar.beatrice.wtf/api/project_badges/measure?project=HidekoBot&metric=reliability_rating&token=0a63c149148555d6d2ee40665af1afae8f67cc3f)](https://sonar.beatrice.wtf/dashboard?id=HidekoBot)
+[![Reliability Rating](https://sonar.beatrice.wtf/api/project_badges/measure?project=HidekoBot_AYWyYHsvX-1Ma0D4pJ59&metric=reliability_rating&token=0a63c149148555d6d2ee40665af1afae8f67cc3f)](https://sonar.beatrice.wtf/dashboard?id=HidekoBot_AYWyYHsvX-1Ma0D4pJ59)
-[![Maintainability Rating](https://sonar.beatrice.wtf/api/project_badges/measure?project=HidekoBot&metric=sqale_rating&token=0a63c149148555d6d2ee40665af1afae8f67cc3f)](https://sonar.beatrice.wtf/dashboard?id=HidekoBot) 
+[![Maintainability Rating](https://sonar.beatrice.wtf/api/project_badges/measure?project=HidekoBot_AYWyYHsvX-1Ma0D4pJ59&metric=sqale_rating&token=0a63c149148555d6d2ee40665af1afae8f67cc3f)](https://sonar.beatrice.wtf/dashboard?id=HidekoBot_AYWyYHsvX-1Ma0D4pJ59) 
-[![Security Rating](https://sonar.beatrice.wtf/api/project_badges/measure?project=HidekoBot&metric=security_rating&token=0a63c149148555d6d2ee40665af1afae8f67cc3f)](https://sonar.beatrice.wtf/dashboard?id=HidekoBot)
+[![Security Rating](https://sonar.beatrice.wtf/api/project_badges/measure?project=HidekoBot_AYWyYHsvX-1Ma0D4pJ59&metric=security_rating&token=0a63c149148555d6d2ee40665af1afae8f67cc3f)](https://sonar.beatrice.wtf/dashboard?id=HidekoBot_AYWyYHsvX-1Ma0D4pJ59)
-[![Build Status](https://drone.prod.panic.haus/api/badges/bea/HidekoBot/status.svg)](https://drone.prod.panic.haus/bea/HidekoBot) 
+[![Build Status](https://drone.beatrice.wtf/api/badges/bea/HidekoBot/status.svg)](https://drone.beatrice.wtf/bea/HidekoBot) 
-[![Lines of Code](https://sonar.beatrice.wtf/api/project_badges/measure?project=HidekoBot&metric=ncloc&token=0a63c149148555d6d2ee40665af1afae8f67cc3f)](https://sonar.beatrice.wtf/dashboard?id=HidekoBot)
+[![Lines of Code](https://sonar.beatrice.wtf/api/project_badges/measure?project=HidekoBot_AYWyYHsvX-1Ma0D4pJ59&metric=ncloc&token=0a63c149148555d6d2ee40665af1afae8f67cc3f)](https://sonar.beatrice.wtf/dashboard?id=HidekoBot_AYWyYHsvX-1Ma0D4pJ59)
   
 Hideko is a general-purpose Discord bot.  
   

pom.xml

@@ -22,18 +22,18 @@
         <dependency>
             <groupId>net.dv8tion</groupId>
             <artifactId>JDA</artifactId>
-            <version>5.5.1</version>
+            <version>5.3.0</version>
         </dependency>
         <!-- JDA depends on SLF4J for logging -->
         <dependency>
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-api</artifactId>
-            <version>2.0.17</version>
+            <version>2.0.6</version>
         </dependency>
         <dependency>
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-simple</artifactId>
-            <version>2.0.17</version>
+            <version>2.0.6</version>
         </dependency>
 
         <!-- Dependency used for SQLite database connections-->
@@ -47,26 +47,26 @@
         <dependency>
             <groupId>org.yaml</groupId>
             <artifactId>snakeyaml</artifactId>
-            <version>2.4</version>
+            <version>2.0</version>
         </dependency>
 
         <!-- JSoup is used to parse HTML into JSON objects for better handling in Java -->
         <dependency>
             <groupId>org.jsoup</groupId>
             <artifactId>jsoup</artifactId>
-            <version>1.19.1</version>
+            <version>1.15.3</version>
         </dependency>
         <!-- Various String manipulation utils -->
         <dependency>
             <groupId>org.apache.commons</groupId>
             <artifactId>commons-text</artifactId>
-            <version>1.13.1</version>
+            <version>1.10.0</version>
         </dependency>
         <!-- JSON dependency used for better parsing of JSON files -->
         <dependency>
             <groupId>org.json</groupId>
             <artifactId>json</artifactId>
-            <version>20250517</version>
+            <version>20231013</version>
         </dependency>
 
         <!-- Start Random.org dependencies -->
@@ -78,7 +78,7 @@
         <dependency>
             <groupId>com.google.code.gson</groupId>
             <artifactId>gson</artifactId>
-            <version>2.13.1</version>
+            <version>2.10.1</version>
         </dependency>
         <dependency>
             <groupId>commons-codec</groupId>
@@ -91,7 +91,7 @@
         <dependency>
             <groupId>org.junit.jupiter</groupId>
             <artifactId>junit-jupiter-api</artifactId>
-            <version>5.13.4</version>
+            <version>5.9.2</version>
             <scope>test</scope>
         </dependency>
     </dependencies>
@@ -102,7 +102,7 @@
             <dependency>
                 <groupId>com.google.protobuf</groupId>
                 <artifactId>protobuf-java</artifactId>
-                <version>4.31.1</version>
+                <version>4.30.0</version>
             </dependency>
         </dependencies>
     </dependencyManagement>
@@ -143,24 +143,23 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-javadoc-plugin</artifactId>
-                <version>3.11.2</version>
+                <version>3.4.1</version>
             </plugin>
 
             <plugin>
                 <groupId>org.sonarsource.scanner.maven</groupId>
                 <artifactId>sonar-maven-plugin</artifactId>
-                <version>5.1.0.4751</version>
+                <version>3.9.1.2184</version>
             </plugin>
 
             <plugin>
                 <groupId>org.owasp</groupId>
                 <artifactId>dependency-check-maven</artifactId>
-                <version>12.1.1</version>
+                <version>12.1.0</version>
                 <configuration>
                     <failBuildOnCVSS>8</failBuildOnCVSS>
                     <!--suppress UnresolvedMavenProperty -->
                     <nvdApiKey>${nvdApiKey}</nvdApiKey>
-                    <knownExploitedUrl>https://raw.githubusercontent.com/EugenMayer/cisa-known-exploited-mirror/main/known_exploited_vulnerabilities.json</knownExploitedUrl>
                     <formats>
                         <format>html</format>
                         <format>json</format>

suppressions.xml

@@ -1,12 +1,31 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
-    <!--
     <suppress>
         <notes><![CDATA[
-           file name: snakeyaml-1.33.jar
+   file name: snakeyaml-1.33.jar
-        ]]></notes>
+   ]]></notes>
         <packageUrl regex="true">^pkg:maven/org\.yaml/snakeyaml@.*$</packageUrl>
         <cve>CVE-2021-4235</cve>
     </suppress>
-    -->
+    <suppress>
+        <notes><![CDATA[
+   file name: snakeyaml-1.33.jar
+   ]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.yaml/snakeyaml@.*$</packageUrl>
+        <cve>CVE-2022-3064</cve>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[
+   file name: snakeyaml-1.33.jar
+   ]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.yaml/snakeyaml@.*$</packageUrl>
+        <vulnerabilityName>CVE-2022-1471</vulnerabilityName>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[
+   file name: json-20220924.jar
+   ]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.json/json@.*$</packageUrl>
+        <vulnerabilityName>CVE-2022-45688</vulnerabilityName>
+    </suppress>
 </suppressions>